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THE MAILING DATE OF THIS COMMUNICATION. 
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DETAILED ACTION 

1. Claims 1-25 are pending. 



Specification 

2. The abstract of the disclosure is objected to because: 

(1) "from a secure" should be replaced with "from a secure medium" or similar change 

(2) "including" should be replaced with "includes" 
Correction is required. See MPEP § 608.01(b). 



Claim Objections 

3. The claims are objected to because they include reference characters which are not 
enclosed within parentheses. 

Reference characters corresponding to elements recited in the detailed description of the 
drawings and used in conjunction with the recitation of the same element or group of elements in 
the claims should be enclosed within parentheses so as to avoid confusion with other numbers or 
characters which may appear in the claims. See MPEP § 608.01(m). Claims 1-25 contain 
reference to "ED", where reference should be made to "identification". For instance claim 17, 
line 4 should read "an encryption logic to send the identification and content from a secure 
medium;". 

4. Claims 15, 16 & 19 are objected to because of the following informalities: 
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Regarding claim 15, the claim depends upon itself Claim 16 is objected to due to its 
dependence on claim 15. For the purposes of this office action, the claim is understood to 
depend from claim 14. 

Regarding claim 19, "key send" should be replaced with "key sent". Appropriate 
correction is required. 



Claim Rejections - 35 USC § 112 

5. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of making 
and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make and use the same and shall set forth the best mode 
contemplated by the inventor of carrying out his invention. 

6. Claim 1 is rejected under 35 U.S.C. 1 12, first paragraph, as based on a disclosure which 
is not enabling. The "application" critical or essential to the practice of the invention, but not 
included in the claim(s) is not enabled by the disclosure. See In reMayhew, 527 F.2d 1229, 188 
USPQ 356 (CCPA 1976). Figs. 1, 3 & 7 demonstrate that the "application" is considered 
essential by the applicant to correctly perform the steps of claim 1 of the invention, but is omitted 
from the claim. Claims 2-16 are rejected based on their dependency upon claim 1. 

7. The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 



The specification shall conclude with one or more claims particularly pointing out and distinctly clairning the 
subject matter which the applicant regards as his invention. 
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8. Claims 1-24 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for 
failing to particularly point out and distinctly claim the subject matter which applicant regards as 
the invention. 

a. Regarding claim 1, it is unclear how the session key is received only if 
authenticated, when the session key was previously sent to the server and is therefore 
already possessed. Claims 2-16 are rejected based on their dependency upon claim 1 . 

b. Regarding claim 2, it is unclear how claim 2 relates to claim 1, as there is nothing 
to tie claim 2 to claim 1 . Claim 3 is rejected based upon its dependence on claim 3. 

c. Regarding claim 17, it is unclear whether more than one "read . . . content" is 
occurring because the step of reading appears to happen twice (line 3 and line 7). Claims 
18-24 are rejected based upon their dependency upon claim 17. 

9. Claim 7 recites the limitation "the application" in line 2 of the claim. There is 
insufficient antecedent basis for this limitation in the claim. 



Claim Rejections - 35 USC §102 

10. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language. 

1 1 . Claims 1-6 & 10-16 are rejected under 35 U.S.C. 102(e) as being anticipated by U.S. 
Patent 6,499,106 to Yaegashi et al. (Yaegashi). Yaegashi discloses determining a secure 



medium identification (disk ID) from a secure medium (col. 10 lines 47-65) including 
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content/sensitive information (col. 8 lines 61-67), sending the ID to a server/central access 
control system (col 9 lines 20-28), requesting user authentication (col. 10 lines 47-65), and if the 
user is successfully authenticated, receiving a session key/decryption key from the server to 
enable reading of the content on the secure medium (col. 1 1 lines 1-22). 

Regarding claims 2 & 3, Yaegashi discloses streaming/sending the content to an 
application/information access system that uses the session key/decryption key to decrypt and 
display the content (col. 1 1 lines 12-22). 

Regarding claim 4, Yaegashi discloses the content stored as encrypted content on the 
secure medium (col. 11 lines 1-22). 

Regarding claims 5 & 6, Yaegashi discloses receiving a content decryption key from the 
server, in response to the disk ID/disc identification information and the user authentication (col. 
10 lines 47-65) wherein the content decryption key is determined based on the disk ID/disc 
identification information (col. 12 lines 29-50). 

Regarding claim 10, Yaegashi discloses a CD (col. 1 1 lines 1-22). 

Regarding claim 11, Yaegashi discloses digitally encoded music (col. 1 lines 44-59 & 
col. 4 lines 17-41). 

Regarding claim 12, Yaegashi discloses the use of a credit card for unlocking of copy- 
protected software, but lacks specific disclosure of using a credit card for authentication. 
However, official notice is hereby taken that it was well-known in the art to authenticate online 
purchases based on a credit card to allow royalties to be collected. Therefore, it would have been 
obvious to one having ordinary skill in the art at the time the invention was made to authenticate 
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via credit card. One of ordinary skill in the art would have been motivated to perform such a 
modification to allow royalties to be collected as was well-known in the art. 

Regarding claim 13, Yaegashi discloses a password used for authentication (col. 10 lines 

47-65). 

Regarding claim 14, Yaegashi discloses determining if the disk ID is already associated 
with a user (col. 12 lines 4-17) and if the disk ID/disc identification information is not yet 
associated with the user, associating the user authentication data/login identity with the disk 
ID/disc identification information (col. 12 lines 4-17 & lines 56-61). 

Regarding claim 15, Yaegashi discloses determining that the current user authentication 
matches the user (validation/authentication by determining if the user matches a key for the 
current disk) (col. 10 lines 47-65 & col. 12 lines 4-8) in addition to determining if a user is 
associated with the disk ID/disc identification information (col. 12 lines 4-17). 

12. Regarding claim 16, Yaegashi discloses that if validation is unsuccessful, the session 
key/content key is not returned (col. 1 1 lines 5-10). 

13. Claims 17 & 18, as best understood, are rejected under 35 U.S.C 103(a) as being 
unpatentable over U.S. Patent 6,636,966 to Lee et al. (Lee) in view of U.S. Patent 6,236,727 to 
Ciacelli et al. (Ciacelli). 

Regarding claim 17, Lee discloses a reader/data storage engine (Fig. 1 #14) to read an 
identification (ID)/identification of content to enable (Fig. 3 A #3 1) and content/data stored on a 
storage medium (col. 2 lines 49-67), encryption logic (Fig. 2C1) to send the identification to a 
server/content key server (col. 9 lines 17-26) in encrypted form (col. 9 lines 39-46), an 
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authentication logic to receive authentication from the server/content key server indicating 
approval to read the content of the secure medium/storage medium (col. 9 line 63 - col. 10 line 
3) and sending the content to an application/host (Fig. 2C1 & Fig. 2B #254). Lee lacks the 
encryption logic encrypting the content prior to sending the content to an application/host. 
However, Ciacelli teaches the well-known concept that encrypting a data stream, one ensures 
that the information in the stream (such as copyrighted material) is not exposed during the data 
transfer (col. 3 lines 25-64). Therefore, it would have been obvious to one having ordinary skill 
in the art at the time the invention was made to encrypt the content prior to sending the content to 
an application. One of ordinary skill in the art would have been motivated to perform such a 
modification to ensure that the content is not exposed during data transfer, as taught by Ciacelli 
(col. 3 lines 25-64). 

Regarding claim 18, Lee discloses using a symmetric key to encrypt the ID/packet (col. 
11 lines 38-53). 



14. Claims 20 & 21, as best understood, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Lee in view of Ciacelli, as applied to claim 17 above, in further view of 
Yaegashi and Schneier. 

Regarding claim 20, Lee discloses receiving a decrypting key from the server and 
discloses the possibility of requesting a payment with a credit card/authentication (col. 5 lines 
54-67), but lacks explicitly authenticating a user and streaming decryption logic to receive data 
from the server and play the data. However, Yaegashi teaches a similar system for the 
distribution of information on a media where a user must log in to the information access 
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system/system that reads the recording medium (col. 10 lines 46-65). While Yaegashi does not 
explicitly teach motivation for doing so, it is well-known in the art to use a user identification 
and password to identify/verify/authenticate a user to another entity, as taught by Schneier (page 
52). Therefore, it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to provide a user authentication interface to request a user authentication 
password in response to a server request, and to send the data received from a user to the server, 
receiving a decryption key from the server if the user is authenticated, as suggested by Lee (col. 
5 lines 54-67) and Yaegashi (col. 10 lines 46-65). One of ordinary skill in the art would have 
been motivated to perform such a modification to authenticate the user, as taught by Schneier 
(page 52). As modified, Lee lacks streaming decryption logic. However, Ciacelli teaches the 
concept that encrypting a data stream, one ensures that the information in the stream (such as 
copyrighted material) is not exposed during the data transfer (col. 3 lines 25-64). Therefore, it 
would have been obvious to one having ordinary skill in the art at the time the invention was 
made to include streaming decryption logic to receive and decrypt data using the received key. 
One of ordinary skill in the art would have been motivated to perform such a modification to 
ensure that the content is not exposed during data transfer, as taught by Ciacelli (col. 3 lines 25- 
64). 

Regarding claim 21, Lee discloses the decryption key being a content decryption key 
(col. 9 line 63 - col. 10 line 3) and, as modified by Ciacelli, a session key (defined by Schneier 
as a key used with symmetric algorithms to secure message traffic (page 33)). 
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15. Claim 25, as best understood, is rejected under 35 U.S.C. 103(a) as being unpatentable 
over Yaegashi in view of Ciacelli. Yaegashi discloses a reader (col. 9 lines 20-28) to read an 
identification (col. 9 lines 1-10) and content/sensitive information (col. 8 lines 61-67) from a 
secure medium/distribution CD (col. 9 lines 1-10), an authentication logic to receive 
authentication/decryption key from the server indicating approval to read the content of the 
secure medium (col. 9 lines 20-38), sending the content to an application/information access 
system (col 9 lines 50-59 & Fig. 1) and key logic to receive a decryption key from the server if 
the user is authenticated (col. 1 1 lines 1-22). Yaegashi lacks explicit disclosure of the 
application/information access system comprising a user interface to request user identification 
in response to a server request and to send the data received from a user to the server. However, 
it is inherent that such a user interface must exist to allow the user to enter access information 
(col. 10 lines 47-65). Yaegashi further lacks an encryption logic further to encrypt the content 
prior to sending the content to an application and a streaming decryption logic to receive data 
from the secure device and decrypt the data using the key received and play the data. However, 
Ciacelli teaches the concept that encrypting a data stream, one ensures that the information in the 
stream (such as copyrighted material) is not exposed during the data transfer (col. 3 lines 25-64). 
Therefore, it would have been obvious to one having ordinary skill in the art at the time the 
invention was made to encrypt the content prior to sending the content to an application and 
include streaming decryption logic to receive and decrypt data using the received key. One of 
ordinary skill in the art would have been motivated to perform such a modification to ensure that 
the content is not exposed during data transfer, as taught by Ciacelli (col. 3 lines 25-64). 
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Allowable Subject Matter 
16. Claims 8, 19 & 22, as best understood, would be allowable if rewritten to overcome the 
rejection(s) under 35 U.S.C. 1 12, second paragraph, set forth in this Office action and to include 
all of the limitations of the base claim and any intervening claims. 



Conclusion 

17. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

The patent references not relied upon were cited for general relevance in the art of 
copy protection for teaching various methods such as session keys to protect point-to- 
point communication, encrypted data on a storage medium, licensing servers and content 
key servers. 

The Sibert article was cited for teaching copy protection using cryptography, 
specifically "Digibox" technology. 



18. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael J. Simitoski whose telephone number is (703)305-8191. 
The examiner can normally be reached on Monday - Thursday, 6:45 a.m. - 4:15 p.m.. The 
examiner can also be reached on alternate Fridays from 6:45 a.m. -3:15 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (703)308-4789. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
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Washington, DC 20231 
Or faxed to: 

(703)746-7239 (for formal communications intended for entry) 

Or: 

(703)746-7240 (for informal or draft communications, please label "PROPOSED" 
or "DRAFT") 

Hand-delivered responses should be brought to Crystal Park II, 2121 Crystal Drive, 
Arlington, VA 22202, Fourth Floor (Receptionist). 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (703) 305-9000. 

19. Information regarding the status of an application may be obtained from the Patent 

Application Information Retrieval (PAIR) system. Status information for published applications 

may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 

applications is available through Private PAIR only. For more information about the PAIR 

system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 

system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




MJS 

April 5, 2004 




PRIMARY EXAMINER 



